
Creating a VM with Terraform (Azure)

Posted at 2021-12-22

This is the day 22 entry of the エーピーコミュニケーションズ Advent Calendar 2021.

I have been teaching myself Terraform (on AWS),

so I wondered whether I could do the same on Azure and gave it a try.

Goal

  • Create a VM and obtain its private key (the same result as creating a VM in the GUI)
  • OS: CentOS

Resources needed besides the VM itself (these are also created with Terraform)

  • Resource group
  • Virtual network
  • Subnet
  • Public IP
  • NSG and its rule (allow SSH)
  • NIC
  • Disk

Not covered here

How to set up the environment that runs Terraform

Contents of the tf file

The whole configuration is a single main.tf.
The location is Japan East (japaneast).

provider "azurerm" {
  features {}
}

# Create the resource group
resource "azurerm_resource_group" "myazrg" {
  name     = "aztest_rg"
  location = "japaneast"
}

# Create the virtual network
resource "azurerm_virtual_network" "vnet" {
  name                = "aztest_vnet"
  address_space       = ["10.0.0.0/16"]
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name
}

# Create the subnet
resource "azurerm_subnet" "subnet" {
  name                 = "default"
  resource_group_name  = azurerm_resource_group.myazrg.name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = ["10.0.1.0/24"]
}

# Create the public IP
resource "azurerm_public_ip" "publicip" {
  name                = "myPublicIP"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name
  allocation_method   = "Dynamic"
}

# Create the NSG and its rule (allow SSH)
resource "azurerm_network_security_group" "nsg" {
  name                = "mynsg"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name

  security_rule {
    name                       = "SSH"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "22"
    # "*" works too, but restricting this to your client's IP is better for security.
    # Replace the placeholder with your client's address (a /32).
    source_address_prefix      = "<CLIENT_IP>/32"
    destination_address_prefix = "*"
  }
}

# Create the network interface; the public IP is attached here,
# otherwise the VM only gets a private address and cannot be reached over SSH
resource "azurerm_network_interface" "nic" {
  name                = "nic"
  location            = "japaneast"
  resource_group_name = azurerm_resource_group.myazrg.name

  ip_configuration {
    name                          = "internal"
    subnet_id                     = azurerm_subnet.subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.publicip.id
  }
}

# Associate the NSG with the NIC; without this association the SSH rule
# is never enforced and the VM is left unfiltered
resource "azurerm_network_interface_security_group_association" "nic_nsg" {
  network_interface_id      = azurerm_network_interface.nic.id
  network_security_group_id = azurerm_network_security_group.nsg.id
}

# Create the SSH key pair (Azure requires an RSA key for admin_ssh_key)
resource "tls_private_key" "myazssh" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

# Expose the private key; sensitive = true only hides it from CLI output,
# it is still stored in plaintext in terraform.tfstate
output "tls_private_key" {
  value     = tls_private_key.myazssh.private_key_pem
  sensitive = true
}

# Create the virtual machine
# OS is CentOS 7.6
resource "azurerm_linux_virtual_machine" "myazvm" {
  name                  = "myszvm"
  resource_group_name   = azurerm_resource_group.myazrg.name
  location              = "japaneast"
  size                  = "Standard_DS1_v2"
  admin_username        = "azureuser"
  network_interface_ids = [
    azurerm_network_interface.nic.id,
  ]

  admin_ssh_key {
    username   = "azureuser"
    public_key = tls_private_key.myazssh.public_key_openssh
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  source_image_reference {
    publisher = "OpenLogic"
    offer     = "CentOS"
    sku       = "7.6"
    version   = "latest"
  }
}
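Two additions I would make to the same main.tf before using it for anything beyond a throwaway test, shown here as an added example rather than code from the original article: pin the provider versions so that terraform init cannot silently pull a newer tls or azurerm build than the one recorded in .terraform.lock.hcl, and take the SSH source range as a variable with a validation block so that a wildcard can never reach the NSG rule. The variable name ssh_source_cidr, the version constraints and the sample address 203.0.113.10/32 (a documentation range) are my assumptions; the NSG rule would then read source_address_prefix = var.ssh_source_cidr instead of a literal.

```hcl
# Added example (not from the original article): provider pinning and an
# SSH source-range variable that refuses the wildcard. Append to main.tf and
# change the NSG rule to `source_address_prefix = var.ssh_source_cidr`.

terraform {
  required_version = ">= 1.0"

  # Assumed version constraints. With these in place the lock file records
  # the exact provider checksums that `terraform init` verified, and a later
  # init on another machine must match them instead of fetching "latest".
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 2.88"
    }
    tls = {
      source  = "hashicorp/tls"
      version = "~> 3.1"
    }
  }
}

variable "ssh_source_cidr" {
  description = "Client address range allowed to reach TCP/22, e.g. 203.0.113.10/32"
  type        = string

  validation {
    # Reject the wildcard and the any-address range, and require a parseable
    # CIDR: cidrhost() errors on anything else, so can() becomes false.
    condition = (
      var.ssh_source_cidr != "*"
      && var.ssh_source_cidr != "0.0.0.0/0"
      && can(cidrhost(var.ssh_source_cidr, 0))
    )
    error_message = "ssh_source_cidr must be a specific CIDR such as 203.0.113.10/32, not * or 0.0.0.0/0."
  }
}
```

Usage: terraform plan -var 'ssh_source_cidr=203.0.113.10/32' -out main.tfplan. Passing -var 'ssh_source_cidr=*' now fails at plan time with the error_message above instead of producing an NSG that admits SSH from the whole internet; the check runs before any API call, so the mistake never reaches Azure.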

Running Terraform

Initialization (terraform init)

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/tls...
- Reusing previous version of hashicorp/azurerm from the dependency lock file
- Installing hashicorp/tls v3.1.0...
- Installed hashicorp/tls v3.1.0 (self-signed, key ID 34365D9472D7468F)

Partner and community providers are signed by their developers.
If you'd like to know more about provider signing, you can read about it here:
https://www.terraform.io/docs/cli/plugins/signing.html

Terraform has made some changes to the provider dependency selections recorded
in the .terraform.lock.hcl file. Review those changes and commit them to your
version control system if they represent changes you intended to make.

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

Syntax check (terraform validate)

This is usually where errors show up, so I fix each one as it appears.

$ terraform validate
Success! The configuration is valid.

Dry run (terraform plan)

Roughly the equivalent of a dry run in Ansible.

$ terraform plan -out main.tfplan
tls_private_key.myazssh: Refreshing state... [id=xxx]
azurerm_resource_group.rg: Refreshing state... [id=/subscriptions/xxx/resourceGroups/aztest_rg]

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

(omitted)

Plan: 7 to add, 0 to change, 0 to destroy.

------------------------------------------------------------------------

This plan was saved to: main.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "main.tfplan"

Apply (terraform apply)

$ terraform apply main.tfplan
azurerm_resource_group.myazrg: Creating...
(omitted)
azurerm_linux_virtual_machine.myazvm: Creating...
azurerm_linux_virtual_machine.myazvm: Still creating... [10s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [20s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [30s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [40s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [50s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [1m0s elapsed]
azurerm_linux_virtual_machine.myazvm: Still creating... [1m10s elapsed]
azurerm_linux_virtual_machine.myazvm: Creation complete after 1m17s [id=/subscriptions/xxx/resourceGroups/aztest_rg/providers/Microsoft.Compute/virtualMachines/myszvm]

Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

The state of your infrastructure has been saved to the path
below. This state is required to modify and destroy your
infrastructure, so keep it safe. To inspect the complete state
use the `terraform show` command.

State path: terraform.tfstate

Outputs:

tls_private_key = <sensitive>

Checking the Azure Portal at this point shows that the resources have been created.

[Screenshot: 無題.png, the Azure Portal showing the created resources]

Obtaining the private key

$ terraform output -raw tls_private_key
-----BEGIN RSA PRIVATE KEY-----
(omitted)
-----END RSA PRIVATE KEY-----

This gives you the private key.

Save it to a file with owner-only permissions (chmod 600), point ssh -i at it, and the login works. One caveat: because the key pair is generated by the tls provider, the private key also sits in plaintext in terraform.tfstate (sensitive = true only hides it from CLI output), so the state file has to be protected like any other secret.
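For this last step, here is how I would handle the key instead of copy-pasting it out of terraform output (an added example, not the article's code). Option A keeps the article's tls-generated key but writes it to disk with 0600 permissions through the hashicorp/local provider's local_sensitive_file resource. Option B, which I prefer, keeps the private key out of terraform.tfstate altogether: the pair is generated with ssh-keygen on the workstation and only the public half is passed into Terraform, with a validation that it really is an ssh-rsa key, which is what azurerm's admin_ssh_key requires. The file names, the variable ssh_public_key and the ssh_command output are my assumptions; the resource names follow the article's main.tf.

```hcl
# Added example (not from the original article). Assumes the resources from
# the article's main.tf: tls_private_key.myazssh and
# azurerm_linux_virtual_machine.myazvm.

# Option B (preferred): generate the pair outside Terraform with
#   ssh-keygen -t rsa -b 4096 -f ~/.ssh/aztest_key
# and pass only the public key in, so nothing secret enters the state file.
variable "ssh_public_key" {
  description = "OpenSSH public key generated outside Terraform (empty = use the tls-generated key)"
  type        = string
  default     = ""

  validation {
    # azurerm's admin_ssh_key accepts only ssh-rsa keys of 2048 bits or more;
    # "AAAAB3NzaC1yc2E" is the base64 of the ssh-rsa type header that every
    # OpenSSH RSA public key starts with.
    condition     = var.ssh_public_key == "" || can(regex("^ssh-rsa AAAAB3NzaC1yc2E", trimspace(var.ssh_public_key)))
    error_message = "ssh_public_key must be an OpenSSH ssh-rsa public key (ssh-keygen -t rsa -b 4096)."
  }
}

# Option A: still generate the key in Terraform, but land it on disk with
# owner-only permissions instead of pasting it by hand. Needs the
# hashicorp/local provider (local_sensitive_file exists from local 2.2.0).
# The private key is still stored in plaintext in terraform.tfstate.
# Only created when no external public key was supplied.
resource "local_sensitive_file" "ssh_key" {
  count = var.ssh_public_key == "" ? 1 : 0

  content         = tls_private_key.myazssh.private_key_pem
  filename        = "${path.module}/aztest_key.pem"
  file_permission = "0600"
}

# In azurerm_linux_virtual_machine.myazvm the admin_ssh_key block then picks
# whichever key was supplied:
#
#   admin_ssh_key {
#     username   = "azureuser"
#     public_key = var.ssh_public_key != "" ? var.ssh_public_key : tls_private_key.myazssh.public_key_openssh
#   }

# Ready-to-run login command. public_ip_address is exported by the VM
# resource once the dynamic public IP has been assigned, so it shows as
# "known after apply" in the plan and is filled in after the apply.
output "ssh_command" {
  value = format(
    "ssh -i %s azureuser@%s",
    try(local_sensitive_file.ssh_key[0].filename, "~/.ssh/aztest_key"),
    azurerm_linux_virtual_machine.myazvm.public_ip_address,
  )
}
```

Usage for Option B: terraform apply -var "ssh_public_key=$(cat ~/.ssh/aztest_key.pub)", then run the command printed by terraform output -raw ssh_command. A key that is not ssh-rsa (an ed25519 key, for instance) is rejected by the validation before Terraform contacts Azure, and with no external key given the count falls back to Option A and writes aztest_key.pem with mode 0600.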

Impressions

Being able to create a VM with four commands is convenient.
I also felt it would stop me from having to rewrite procedures every time the GUI changes.
Next I plan to create multiple VMs with different hostnames and IPs, and to try a Windows VM.
Thank you for reading.

